Software Integrity

A new detection system listens for normal CAN-BUS traffic, and blocks nascent attacks in connected cars.

A new paper, from University of Michigan researchers Kyong-Tak Cho and Kang Shin, proposed the creation of an easy-to-assemble tool they call the Clock-based Intrusion Detection System, or CIDS. The tool records the communications on a car’s internal network known as a CAN bus and—in just seconds—creates “fingerprints” for every digital component of a vehicle. It does so by listening for tiny timing errors—known as “clock skew”—that are different in every computer—including every computer inside a car. CIDS’ device then uses those fingerprints to differentiate between the ECUs, and to spot when one ECU impersonates another, according to Wired.com

“Since each clock drifts, based on the message arrival, I can tell whether it’s sent by [the car’s legitimate ECU] or someone else,” says Kang Shin, the University of Michigan professor who created CIDS along with graduate researcher Kyong Tak. “We can fingerprint it based on timing, according to that clock.”

CIDS prototype, which connects to a car’s network via the OBD-2 port under the dashboard, fingerprinted dozens of ECUs. As promising as this sounds, The Michigan researchers’ gadget is just a proof of concept. They don’t plan to build a consumer product, and they’re not yet releasing their code, Wired.com reports.

Charlie Miller, who last year hacked a Jeep Cherokee, was cynical of this new approach. He tweeted that the research here only amounted to one thing: tenure for the professors writing it.